Fixes remediation and documentation link not working
MatteoBiscosi committed Aug 28, 2024
1 parent f327420 commit c42252a
Showing 5 changed files with 132 additions and 98 deletions.
22 changes: 14 additions & 8 deletions scripts/lua/flow_details.lua
Expand Up @@ -1366,7 +1366,7 @@ else
local alert_label = alert_consts.alertTypeLabel(id, true, alert_entities.flow.entity_id)
local message = alert_label
local alert_score = flow.score.alert_score[tostring(id)] -- ntop.getFlowAlertScore(id)
local alert_risk = ntop.getFlowAlertRisk(id)
local alert_risk = ntop.getFlowAlertRisk(tonumber(id))

if not alerts_by_score[alert_score] then
alerts_by_score[alert_score] = {}
Expand Down Expand Up @@ -1436,20 +1436,26 @@ else
local mitre_info = nil
local status_icon = ""
local riskLabel = riskInfo[tostring(score_alert.alert_risk)]
local alert_src

if (riskLabel ~= nil) then
riskLabel = shortenString(riskLabel, 64)
else
riskLabel = ""
end

if score_alert.alert_id then
alert_consts.alertTypeIcon(score_alert.alert_id, map_score_to_severity(score_alert.alert_id), 'fa-lg')
end
if score_alert.alert_id then
alert_consts.alertTypeIcon(score_alert.alert_id, map_score_to_severity(score_alert.alert_id), 'fa-lg')
end

local alert_source = " <span class='badge bg-info'>".. ternary(score_alert.alert_risk, "nDPI", "ntopng") .. "</span>"
if (tonumber(score_alert.alert_risk) == 0) then
alert_src = "ntopng"
else
alert_src = "nDPI"
end

print(string.format('<tr>'))
local alert_source = " <span class='badge bg-info'>" .. alert_src .. "</span>"
print(string.format('<tr>'))

if score_alert.alert_id then
alert_key = alert_consts.getAlertType(tonumber(score_alert.alert_id), alert_entities.flow.entity_id)
Expand All @@ -1465,7 +1471,7 @@ else
local msg = string.format('<td> %s </td><td style=\"text-align: center;\"> %s </td><td> %s %s %s</td>',
score_alert.message .. alert_source,
'<span style="color:' .. severity.color .. '">' .. score_alert.score .. '</span>',
riskLabel, (score_alert.alert_risk > 0 and flow_risk_utils.get_documentation_link(score_alert.alert_risk)) or '',
riskLabel, (score_alert.alert_risk > 0 and flow_risk_utils.get_documentation_link(score_alert.alert_risk, alert_src)) or '',
status_icon or '')

print(msg)
Expand Down Expand Up @@ -1495,7 +1501,7 @@ else
end

print('<td style=\"text-align: center;\">'..
flow_risk_utils.get_remediation_documentation_link(score_alert.alert_id)
flow_risk_utils.get_remediation_documentation_link(score_alert.alert_risk, alert_src)
.. '</td>')

print('<td nowrap>')
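Review bot: The remediation link at `flow_risk_utils.get_remediation_documentation_link(score_alert.alert_risk, alert_src)` receives a risk id that is 0 by construction whenever `alert_src` is "ntopng" (the branch above sets that label only when `tonumber(score_alert.alert_risk) == 0`), so every ntopng-originated alert ends up with the same `#risk-000` anchor, whereas the line it replaces passed `score_alert.alert_id`. The documentation link a few lines earlier is still guarded by `score_alert.alert_risk > 0`, but this call does not appear to be, so the ntopng rows always render it. If the ntopng remediation page is keyed by alert id, pass `(alert_src == "ntopng") and score_alert.alert_id or score_alert.alert_risk` here; alert_utils.lua's formatFlowAlertMessage still passes `alert.alert_id` for the same link, so the two call sites currently disagree. A nil `alert_risk` also falls through to the "nDPI" label, which deserves a one-line comment if that is intended. The enclosing loop body starts and ends outside these hunks.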
120 changes: 63 additions & 57 deletions scripts/lua/modules/alert_utils.lua
Expand Up @@ -383,61 +383,66 @@ end
-- #################################

function alert_utils.formatFlowAlertMessage(ifid, alert, alert_json, add_score, local_explorer)
local msg
local alert_risk

if tonumber(alert.alert_id) then
alert_risk = ntop.getFlowAlertRisk(tonumber(alert.alert_id))
end

if not alert_json then
alert_json = alert_utils.getAlertInfo(alert)
end

local description = alertTypeDescription(alert.alert_id, alert_entities.flow.entity_id)

if (type(description) == "string") then
-- localization string
msg = i18n(description, alert_json)
elseif (type(description) == "function") then
msg = description(ifid, alert, alert_json, local_explorer)
end

if isEmptyString(msg) then
if alert_json and alert_json.alert_generation and alert_risk and alert_risk > 0 then
-- Flow risks most of the times already have a default description, use this in case of emtpy descr
msg = alert_utils.get_flow_risk_info(alert_risk, alert_json)
else
-- Normal alerts
msg = alert_consts.alertTypeLabel(tonumber(alert.alert_id), true --[[ no_html --]] , alert.entity_id)
end
end

if not isEmptyString(alert["user_label"]) then
msg = string.format('%s <small><span class="text-muted">%s</span></small>', msg, alert["user_label"])
end

if add_score then
if tonumber(alert.alert_id) then
local alert_score = ntop.getFlowAlertScore(tonumber(alert.alert_id))
msg = alert_utils.format_score(msg, alert_score)
end
end

-- Add the link to the documentation
if alert_risk and alert_risk > 0 then
msg = string.format("%s %s %s",
msg, flow_risk_utils.get_documentation_link(alert_risk),
flow_risk_utils.get_remediation_documentation_link(alert.alert_id))
local info_msg = alert_utils.get_flow_risk_info(alert_risk, alert_json)

-- Add check info_msg ~= alert.info to avoid duplicated in description msg
--[[if (not isEmptyString(info_msg) and info_msg ~= alert.info) then
local msg
local alert_risk

if tonumber(alert.alert_id) then
alert_risk = ntop.getFlowAlertRisk(tonumber(alert.alert_id))

if (tonumber(alert_risk) == 0) then
alert_src = "ntopng"
else
alert_src = "nDPI"
end
end

if not alert_json then
alert_json = alert_utils.getAlertInfo(alert)
end

local description = alertTypeDescription(alert.alert_id, alert_entities.flow.entity_id)

if (type(description) == "string") then
-- localization string
msg = i18n(description, alert_json)
elseif (type(description) == "function") then
msg = description(ifid, alert, alert_json, local_explorer)
end

if isEmptyString(msg) then
if alert_json and alert_json.alert_generation and alert_risk and alert_risk > 0 then
-- Flow risks most of the times already have a default description, use this in case of emtpy descr
msg = alert_utils.get_flow_risk_info(alert_risk, alert_json)
else
-- Normal alerts
msg = alert_consts.alertTypeLabel(tonumber(alert.alert_id), true --[[ no_html --]] , alert.entity_id)
end
end

if not isEmptyString(alert["user_label"]) then
msg = string.format('%s <small><span class="text-muted">%s</span></small>', msg, alert["user_label"])
end

if add_score then
if tonumber(alert.alert_id) then
local alert_score = ntop.getFlowAlertScore(tonumber(alert.alert_id))
msg = alert_utils.format_score(msg, alert_score)
end
end

-- Add the link to the documentation
if alert_risk and alert_risk > 0 then
msg = string.format("%s %s %s", msg, flow_risk_utils.get_documentation_link(alert_risk, alert_src),
flow_risk_utils.get_remediation_documentation_link(alert.alert_id, alert_src))
local info_msg = alert_utils.get_flow_risk_info(alert_risk, alert_json)

-- Add check info_msg ~= alert.info to avoid duplicated in description msg
--[[if (not isEmptyString(info_msg) and info_msg ~= alert.info) then
msg = string.format("%s", msg, info_msg)
end--]]
end
end

return msg or ""
return msg or ""
end

-- #################################
Expand Down Expand Up @@ -800,18 +805,19 @@ function alert_utils.format_other_alerts(alert_bitmap, predominant_alert, alert_

if alert_id ~= tonumber(predominant_alert) then -- Do not add the predominant alert to the list of additional alerts
local message = alert_consts.alertTypeLabel(alert_id, true, alert_entities.flow.entity_id)
message = message .. " " .. alert_consts.addExtraInfo(alert_id, alert_entities.flow.entity_id, alert_json)
message = message .. " " ..
alert_consts.addExtraInfo(alert_id, alert_entities.flow.entity_id, alert_json)
local alert_score = ntop.getFlowAlertScore(alert_id)

if add_score then
message = alert_utils.format_score(message, alert_score)
end

local alert_risk = ntop.getFlowAlertRisk(alert_id)
if alert_risk > 0 then
local alert_risk = ntop.getFlowAlertRisk(tonumber(alert_id))
if alert_risk > 0 then -- source is nDPI
if not no_html then
message = string.format("%s %s", message,
flow_risk_utils.get_documentation_link(alert_risk))
flow_risk_utils.get_documentation_link(alert_risk, "nDPI"))
end
local info_msg = alert_utils.get_flow_risk_info(alert_risk, alert_json)
if not isEmptyString(info_msg) then
Expand All @@ -829,7 +835,7 @@ function alert_utils.format_other_alerts(alert_bitmap, predominant_alert, alert_
msg = message,
score = alert_score,
alert_id = alert_id
}
}
else
additional_alerts[#additional_alerts + 1] = message
end
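Review bot: `alert_src` in formatFlowAlertMessage is assigned without `local` (`alert_src = "ntopng"` / `alert_src = "nDPI"`), so it becomes a global, and when `tonumber(alert.alert_id)` is nil it is never set for this call and the later `get_documentation_link(alert_risk, alert_src)` reads whatever a previous call left behind. Declare it next to the other locals: `local alert_src`. Because both link calls sit under `if alert_risk and alert_risk > 0`, `alert_src` is effectively always "nDPI" on this path; note that the same remediation call in flow_details.lua passes `alert_risk` where this one passes `alert.alert_id`, which is worth reconciling. The format_other_alerts change (`tonumber(alert_id)`, explicit "nDPI") looks fine; that function starts and ends outside its hunk.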
61 changes: 35 additions & 26 deletions scripts/lua/modules/flow_risk_utils.lua
@@ -1,51 +1,60 @@
--
-- (C) 2017-24 - ntop.org
--

local flow_risk_utils = {}

local clock_start = os.clock()

-- ##############################################

function flow_risk_utils.get_documentation_link(risk_id)

local url = string.format("https://www.ntop.org/guides/nDPI/flow_risks.html#risk-%.3u", risk_id)
local link = string.format('<a href="%s" target="_blank"><i class="fas fa-lg fa-question-circle"></i></a>', url)
function flow_risk_utils.get_documentation_link(risk_id, source)
local url = ""
if (source == "ntopng") then
url = string.format("https://www.ntop.org/guides/ntopng/remediations/ntopng_flow_risks.html#risk-%.3u", risk_id)
else
url = string.format("https://www.ntop.org/guides/ntopng/remediations/ndpi_flow_risks.html#risk-%.3u", risk_id)
end

return link
return string.format('<a href="%s" target="_blank"><i class="fas fa-lg fa-question-circle"></i></a>', url)
end

function flow_risk_utils.get_remediation_documentation_link(risk_id)
local url = string.format("https://www.ntop.org/guides/ntopng/remediations/flow_risks.html#risk-%.3u", risk_id)
local link = string.format('<a href="%s" target="_blank"><i class="fa-solid fa-lg fa-briefcase-medical"></i></a>', url)
function flow_risk_utils.get_remediation_documentation_link(risk_id, source)
local url = ""
if (source == "ntopng") then
url = string.format("https://www.ntop.org/guides/ntopng/remediations/ntopng_flow_risks.html#risk-%.3u", risk_id)
else
url = string.format("https://www.ntop.org/guides/ntopng/remediations/ndpi_flow_risks.html#risk-%.3u", risk_id)
end

return link
return string.format('<a href="%s" target="_blank"><i class="fa-solid fa-lg fa-briefcase-medical"></i></a>', url)
end

-- ##############################################

--@brief Returns a table with all available risk strings, keyed by risk id.
-- @brief Returns a table with all available risk strings, keyed by risk id.
function flow_risk_utils.get_risks_info()
local res = {}

for risk_id = 1,127 do
local risk_str = ntop.getRiskStr(risk_id)
if risk_id == tonumber(risk_str) then
break
end

-- Use string keys to avoid tricking lua into thinking it is processing an array
res[tostring(risk_id)] = {label = risk_str, id = risk_id}
end

return res
local res = {}

for risk_id = 1, 127 do
local risk_str = ntop.getRiskStr(risk_id)
if risk_id == tonumber(risk_str) then
break
end

-- Use string keys to avoid tricking lua into thinking it is processing an array
res[tostring(risk_id)] = {
label = risk_str,
id = risk_id
}
end

return res
end

-- ##############################################

if(trace_script_duration ~= nil) then
io.write(debug.getinfo(1,'S').source .." executed in ".. (os.clock()-clock_start)*1000 .. " ms\n")
if (trace_script_duration ~= nil) then
io.write(debug.getinfo(1, 'S').source .. " executed in " .. (os.clock() - clock_start) * 1000 .. " ms\n")
end

return flow_risk_utils
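Review bot: `get_documentation_link` and `get_remediation_documentation_link` now build byte-identical URLs from the same `source == "ntopng"` branch and differ only in the icon, so the documentation and remediation links open the same page; if that is intended, the URL selection should live in one local helper rather than being duplicated (sketched below). `string.format("...%.3u", risk_id)` raises on a nil or non-numeric `risk_id`, and historical_flow_details_formatter.lua now passes the result of `ntop.getFlowAlertRisk(tonumber(alert_id))` straight in, so a guard such as `risk_id = tonumber(risk_id) or 0` may be warranted, assuming that function can return nil. Any `source` other than the exact string "ntopng" (including the `""` passed by historical_flow_utils.lua) is treated as nDPI; a `-- @param source` line stating that would help callers. Both functions also lack the `-- @brief` header the file uses for get_risks_info.
```lua
-- @brief Builds the guide URL for a flow risk. The ntopng page is used only
--        when source is exactly "ntopng"; any other value (including "") means nDPI.
local function risk_doc_url(risk_id, source)
  local page = (source == "ntopng") and "ntopng_flow_risks" or "ndpi_flow_risks"
  return string.format("https://www.ntop.org/guides/ntopng/remediations/%s.html#risk-%.3u", page, risk_id)
end

-- @brief Returns the HTML anchor (question-circle icon) to the risk documentation.
function flow_risk_utils.get_documentation_link(risk_id, source)
  return string.format('<a href="%s" target="_blank"><i class="fas fa-lg fa-question-circle"></i></a>', risk_doc_url(risk_id, source))
end

-- @brief Returns the HTML anchor (briefcase icon) to the risk remediation page.
function flow_risk_utils.get_remediation_documentation_link(risk_id, source)
  return string.format('<a href="%s" target="_blank"><i class="fa-solid fa-lg fa-briefcase-medical"></i></a>', risk_doc_url(risk_id, source))
end

-- … unchanged: get_risks_info, trace_script_duration block, module return …
```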
23 changes: 18 additions & 5 deletions scripts/lua/modules/historical_flow_details_formatter.lua
Expand Up @@ -8,6 +8,7 @@ package.path = dirs.installdir .. "/scripts/lua/modules/alert_store/?.lua;" .. p
require "lua_utils"
local json = require "dkjson"
local dscp_consts = require "dscp_consts"
local flow_risk_utils = require "flow_risk_utils"

local historical_flow_details_formatter = {}

Expand Down Expand Up @@ -221,13 +222,25 @@ local function format_historical_issue_description(alert_id, score, title, msg,
if alert_scores and alert_scores[alert_id] then
score = alert_scores[alert_id]
end


-- If alert risk is 0 then it comes from ntonpg, else nDPI
local alert_risk = ntop.getFlowAlertRisk(tonumber(alert_id))
local alert_src

if (tonumber(alert_risk) == 0) then
alert_src = "ntopng"
else
alert_src = "nDPI"
end

local alert_source = " <span class='badge bg-info'>" .. alert_src .. "</span>"

local severity_id = map_score_to_severity(score)
local severity = alert_consts.alertSeverityById(severity_id)
-- local alert_source = " <span class='badge bg-info'>".. ternary(score_alert.alert_risk, "nDPI", "ntopng") .. "</span>"
local html = "<tr><td>"..(msg or "").."</td>"..'<td align=center><span style="color:' .. severity.color .. '">' .. score .. '</span></td>'
html = html .. "<td>" .. info .. "</td>"
local remediation = flow_risk_utils.get_remediation_documentation_link(alert_risk, alert_src)

local html = "<tr><td>" .. (msg or "") .. alert_source .. "</td>" .. '<td align=center><span style="color:' .. severity.color .. '">' .. score .. '</span></td>'
html = html .. "<td>" .. info .. " " .. remediation .."</td>"

-- Add Mitre info
local alert_key = alert_consts.getAlertType(alert_id, alert_entities.flow.entity_id)
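Review bot: `flow_risk_utils.get_remediation_documentation_link(alert_risk, alert_src)` is passed a risk of 0 whenever `alert_src` is "ntopng" — that is exactly the condition that selects the label — so every ntopng-sourced row links to the same `#risk-000` anchor; if the ntopng page is keyed by alert id, `(alert_src == "ntopng") and alert_id or alert_risk` is the value to pass (flow_details.lua has the same pattern). If `ntop.getFlowAlertRisk` can return nil, `tonumber(alert_risk) == 0` is false, the row is labelled nDPI, and `string.format` inside the link builder raises on the nil id. The new comment has a typo; it should read `-- If alert risk is 0 then it comes from ntopng, else nDPI`. The commented-out `-- local alert_source = ...ternary(...)` line is superseded by the new `alert_source` and can be dropped. format_historical_issue_description starts and ends outside the hunk.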
4 changes: 2 additions & 2 deletions scripts/lua/modules/historical_flow_utils.lua
Expand Up @@ -523,8 +523,8 @@ local function dt_format_flow_risk(flow_risk_id)
title = title,
label = title,
value = cur_risk_id,
help = flow_risk_utils.get_documentation_link(cur_risk_id),
remediation = flow_risk_utils.get_remediation_documentation_link(cur_risk_id)
help = flow_risk_utils.get_documentation_link(cur_risk_id, ""),
remediation = flow_risk_utils.get_remediation_documentation_link(cur_risk_id, "")
}

flow_risks[#flow_risks + 1] = flow_risk
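Review bot: Passing `""` as `source` to both link builders relies on flow_risk_utils treating every value other than "ntopng" as nDPI, which is implicit at this call site; alert_utils.format_other_alerts passes the explicit `"nDPI"` for the same risk-derived links, so `help = flow_risk_utils.get_documentation_link(cur_risk_id, "nDPI"),` and `remediation = flow_risk_utils.get_remediation_documentation_link(cur_risk_id, "nDPI")` would state the intent and keep the call sites consistent. This is inside dt_format_flow_risk, which starts and ends outside the hunk.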